A sustained brute force cyber attack battered Nintendo’s sites for a month this summer – and allowed cybercriminals access to private data such as names, addresses and phone numbers for up to 24,000 Club Nintendo accounts.
The “brute force” attack carried on from 9 June to 2 July this year – involving 15.5 million attempted logins, according to the Japan Times. Nearly 24,000 accounts were successfully breached, and personal information accessed. The attack went undetected until 2 July, Nintendo has admitted.
The Japanese games company has since initiated a password reset. A company representative said that only Japanese site users had been affected, in an interview with gaming site C&VG.
Club Nintendo is a “reward points” scheme for gamers, with four million members in Japan. The news follows a data breach at gaming company Ubisoft last week, also targeting a system used to distribute “rewards” to gamers.
Users of Ubisoft’s Uplay received an email last week, saying that personal data including email addresses, user names and encrypted passwords had been compromised. Uplay works across platforms such as PC, Xbox 360, iOS and Facebook. The Uplay system requires users to log in with an email or password, and offers digital extras such as screensavers for PC games, but also works as a Digital Rights Management system (DRM) to prevent copying.
Author Rob Waugh, We Live Security